[openssl-commits] [openssl] master update

Emilia Kasper emilia at openssl.org
Thu Jul 21 13:45:43 UTC 2016


The branch master has been updated
       via  11279b13f586441a8fcc5109ee1907f33eb0cc24 (commit)
      from  2980ae2e78169b3b4d0b140c0c5796c441c5902c (commit)


- Log -----------------------------------------------------------------
commit 11279b13f586441a8fcc5109ee1907f33eb0cc24
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Jul 21 14:04:00 2016 +0200

    Test client-side resumption
    
    Add tests for resuming with a different client version.
    
    This happens in reality when clients persist sessions on disk through
    upgrades.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 test/README.ssltest.md                 |   7 +-
 test/generate_ssl_tests.pl             |  10 +
 test/handshake_helper.c                |   5 +-
 test/handshake_helper.h                |   1 +
 test/ssl-tests/10-resumption.conf      | 884 ++++++++++++++++++++++++++++++++-
 test/ssl-tests/11-dtls_resumption.conf | 402 ++++++++++++++-
 test/ssl-tests/protocol_version.pm     |  32 +-
 test/ssl_test.c                        |  15 +-
 test/ssl_test.tmpl                     |   9 +
 9 files changed, 1352 insertions(+), 13 deletions(-)

diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 8cd55ed..445fda9 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -124,8 +124,13 @@ The following sections may optionally be defined:
   matches server.
 * resume_server - this section configures the client to resume its session
   against a different server. This context is used whenever HandshakeMode is
-  Resume. If the resume-server section is not present, then the configuration
+  Resume. If the resume_server section is not present, then the configuration
   matches server.
+* resume_client - this section configures the client to resume its session with
+  a different configuration. In practice this may occur when, for example,
+  upgraded clients reuse sessions persisted on disk.  This context is used
+  whenever HandshakeMode is Resume. If the resume_client section is not present,
+  then the configuration matches client.
 
 ### Default server and client configurations
 
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
index a2f4714..951421b 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -63,6 +63,16 @@ sub print_templates {
             $test->{"resume_server"} = { };
         }
         $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
+        if (defined $test->{"resume_client"}) {
+            $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) };
+        } elsif (defined $test->{"test"}->{"HandshakeMode"} &&
+                 $test->{"test"}->{"HandshakeMode"} eq "Resume") {
+            # Default is the same as client.
+            $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
+        } else {
+            # Do not emit an empty "resume-client" section.
+            $test->{"resume_client"} = { };
+        }
     }
 
     # ssl_test expects to find a
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index c4f298e..eecc6f7 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -673,6 +673,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 
 HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
+                               SSL_CTX *resume_client_ctx,
                                const SSL_TEST_CTX *test_ctx)
 {
     HANDSHAKE_RESULT *result;
@@ -692,8 +693,8 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
 
     HANDSHAKE_RESULT_free(result);
     /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
-    result = do_handshake_internal(resume_server_ctx, NULL, client_ctx, test_ctx,
-                                   session, NULL);
+    result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
+                                   test_ctx, session, NULL);
  end:
     SSL_SESSION_free(session);
     return result;
diff --git a/test/handshake_helper.h b/test/handshake_helper.h
index 5027bef..2fb8ac0 100644
--- a/test/handshake_helper.h
+++ b/test/handshake_helper.h
@@ -47,6 +47,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result);
 /* Do a handshake and report some information about the result. */
 HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
+                               SSL_CTX *resume_client_ctx,
                                const SSL_TEST_CTX *test_ctx);
 
 #endif  /* HEADER_HANDSHAKE_HELPER_H */
diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf
index 899f321..bea91fe 100644
--- a/test/ssl-tests/10-resumption.conf
+++ b/test/ssl-tests/10-resumption.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 18
+num_tests = 36
 
 test-0 = 0-resumption
 test-1 = 1-resumption
@@ -20,6 +20,24 @@ test-14 = 14-resumption
 test-15 = 15-resumption
 test-16 = 16-resumption
 test-17 = 17-resumption
+test-18 = 18-resumption
+test-19 = 19-resumption
+test-20 = 20-resumption
+test-21 = 21-resumption
+test-22 = 22-resumption
+test-23 = 23-resumption
+test-24 = 24-resumption
+test-25 = 25-resumption
+test-26 = 26-resumption
+test-27 = 27-resumption
+test-28 = 28-resumption
+test-29 = 29-resumption
+test-30 = 30-resumption
+test-31 = 31-resumption
+test-32 = 32-resumption
+test-33 = 33-resumption
+test-34 = 34-resumption
+test-35 = 35-resumption
 # ===========================================================
 
 [0-resumption]
@@ -28,6 +46,7 @@ ssl_conf = 0-resumption-ssl
 [0-resumption-ssl]
 server = 0-resumption-server
 resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-resume-client
 client = 0-resumption-client
 
 [0-resumption-server]
@@ -49,6 +68,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[0-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-0]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -63,6 +87,7 @@ ssl_conf = 1-resumption-ssl
 [1-resumption-ssl]
 server = 1-resumption-server
 resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-resume-client
 client = 1-resumption-client
 
 [1-resumption-server]
@@ -84,6 +109,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[1-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-1]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -98,6 +128,7 @@ ssl_conf = 2-resumption-ssl
 [2-resumption-ssl]
 server = 2-resumption-server
 resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-resume-client
 client = 2-resumption-client
 
 [2-resumption-server]
@@ -119,6 +150,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[2-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-2]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -133,6 +169,7 @@ ssl_conf = 3-resumption-ssl
 [3-resumption-ssl]
 server = 3-resumption-server
 resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-resume-client
 client = 3-resumption-client
 
 [3-resumption-server]
@@ -154,6 +191,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[3-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-3]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -168,6 +210,7 @@ ssl_conf = 4-resumption-ssl
 [4-resumption-ssl]
 server = 4-resumption-server
 resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-resume-client
 client = 4-resumption-client
 
 [4-resumption-server]
@@ -189,6 +232,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[4-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-4]
 HandshakeMode = Resume
 Protocol = TLSv1.2
@@ -203,6 +251,7 @@ ssl_conf = 5-resumption-ssl
 [5-resumption-ssl]
 server = 5-resumption-server
 resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-resume-client
 client = 5-resumption-client
 
 [5-resumption-server]
@@ -224,6 +273,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[5-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-5]
 HandshakeMode = Resume
 Protocol = TLSv1.2
@@ -238,6 +292,7 @@ ssl_conf = 6-resumption-ssl
 [6-resumption-ssl]
 server = 6-resumption-server
 resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-resume-client
 client = 6-resumption-client
 
 [6-resumption-server]
@@ -259,6 +314,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[6-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-6]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -273,6 +333,7 @@ ssl_conf = 7-resumption-ssl
 [7-resumption-ssl]
 server = 7-resumption-server
 resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-resume-client
 client = 7-resumption-client
 
 [7-resumption-server]
@@ -294,6 +355,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[7-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-7]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -308,6 +374,7 @@ ssl_conf = 8-resumption-ssl
 [8-resumption-ssl]
 server = 8-resumption-server
 resume-server = 8-resumption-resume-server
+resume-client = 8-resumption-resume-client
 client = 8-resumption-client
 
 [8-resumption-server]
@@ -329,6 +396,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[8-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-8]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -343,6 +415,7 @@ ssl_conf = 9-resumption-ssl
 [9-resumption-ssl]
 server = 9-resumption-server
 resume-server = 9-resumption-resume-server
+resume-client = 9-resumption-resume-client
 client = 9-resumption-client
 
 [9-resumption-server]
@@ -364,6 +437,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[9-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-9]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -378,6 +456,7 @@ ssl_conf = 10-resumption-ssl
 [10-resumption-ssl]
 server = 10-resumption-server
 resume-server = 10-resumption-resume-server
+resume-client = 10-resumption-resume-client
 client = 10-resumption-client
 
 [10-resumption-server]
@@ -399,6 +478,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[10-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-10]
 HandshakeMode = Resume
 Protocol = TLSv1.2
@@ -413,6 +497,7 @@ ssl_conf = 11-resumption-ssl
 [11-resumption-ssl]
 server = 11-resumption-server
 resume-server = 11-resumption-resume-server
+resume-client = 11-resumption-resume-client
 client = 11-resumption-client
 
 [11-resumption-server]
@@ -434,6 +519,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[11-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-11]
 HandshakeMode = Resume
 Protocol = TLSv1.2
@@ -448,6 +538,7 @@ ssl_conf = 12-resumption-ssl
 [12-resumption-ssl]
 server = 12-resumption-server
 resume-server = 12-resumption-resume-server
+resume-client = 12-resumption-resume-client
 client = 12-resumption-client
 
 [12-resumption-server]
@@ -469,6 +560,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[12-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-12]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -483,6 +579,7 @@ ssl_conf = 13-resumption-ssl
 [13-resumption-ssl]
 server = 13-resumption-server
 resume-server = 13-resumption-resume-server
+resume-client = 13-resumption-resume-client
 client = 13-resumption-client
 
 [13-resumption-server]
@@ -504,6 +601,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[13-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-13]
 HandshakeMode = Resume
 Protocol = TLSv1
@@ -518,6 +620,7 @@ ssl_conf = 14-resumption-ssl
 [14-resumption-ssl]
 server = 14-resumption-server
 resume-server = 14-resumption-resume-server
+resume-client = 14-resumption-resume-client
 client = 14-resumption-client
 
 [14-resumption-server]
@@ -539,6 +642,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[14-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-14]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -553,6 +661,7 @@ ssl_conf = 15-resumption-ssl
 [15-resumption-ssl]
 server = 15-resumption-server
 resume-server = 15-resumption-resume-server
+resume-client = 15-resumption-resume-client
 client = 15-resumption-client
 
 [15-resumption-server]
@@ -574,6 +683,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[15-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-15]
 HandshakeMode = Resume
 Protocol = TLSv1.1
@@ -588,6 +702,7 @@ ssl_conf = 16-resumption-ssl
 [16-resumption-ssl]
 server = 16-resumption-server
 resume-server = 16-resumption-resume-server
+resume-client = 16-resumption-resume-client
 client = 16-resumption-client
 
 [16-resumption-server]
@@ -609,6 +724,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[16-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-16]
 HandshakeMode = Resume
 Protocol = TLSv1.2
@@ -623,6 +743,7 @@ ssl_conf = 17-resumption-ssl
 [17-resumption-ssl]
 server = 17-resumption-server
 resume-server = 17-resumption-resume-server
+resume-client = 17-resumption-resume-client
 client = 17-resumption-client
 
 [17-resumption-server]
@@ -644,9 +765,770 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[17-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-17]
 HandshakeMode = Resume
 Protocol = TLSv1.2
 ResumptionExpected = Yes
 
 
+# ===========================================================
+
+[18-resumption]
+ssl_conf = 18-resumption-ssl
+
+[18-resumption-ssl]
+server = 18-resumption-server
+resume-server = 18-resumption-resume-server
+resume-client = 18-resumption-resume-client
+client = 18-resumption-client
+
+[18-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[18-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[19-resumption]
+ssl_conf = 19-resumption-ssl
+
+[19-resumption-ssl]
+server = 19-resumption-server
+resume-server = 19-resumption-resume-server
+resume-client = 19-resumption-resume-client
+client = 19-resumption-client
+
+[19-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[19-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[20-resumption]
+ssl_conf = 20-resumption-ssl
+
+[20-resumption-ssl]
+server = 20-resumption-server
+resume-server = 20-resumption-resume-server
+resume-client = 20-resumption-resume-client
+client = 20-resumption-client
+
+[20-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[20-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[21-resumption]
+ssl_conf = 21-resumption-ssl
+
+[21-resumption-ssl]
+server = 21-resumption-server
+resume-server = 21-resumption-resume-server
+resume-client = 21-resumption-resume-client
+client = 21-resumption-client
+
+[21-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[21-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[22-resumption]
+ssl_conf = 22-resumption-ssl
+
+[22-resumption-ssl]
+server = 22-resumption-server
+resume-server = 22-resumption-resume-server
+resume-client = 22-resumption-resume-client
+client = 22-resumption-client
+
+[22-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[22-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[23-resumption]
+ssl_conf = 23-resumption-ssl
+
+[23-resumption-ssl]
+server = 23-resumption-server
+resume-server = 23-resumption-resume-server
+resume-client = 23-resumption-resume-client
+client = 23-resumption-client
+
+[23-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[23-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[24-resumption]
+ssl_conf = 24-resumption-ssl
+
+[24-resumption-ssl]
+server = 24-resumption-server
+resume-server = 24-resumption-resume-server
+resume-client = 24-resumption-resume-client
+client = 24-resumption-client
+
+[24-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[24-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[25-resumption]
+ssl_conf = 25-resumption-ssl
+
+[25-resumption-ssl]
+server = 25-resumption-server
+resume-server = 25-resumption-resume-server
+resume-client = 25-resumption-resume-client
+client = 25-resumption-client
+
+[25-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[25-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[26-resumption]
+ssl_conf = 26-resumption-ssl
+
+[26-resumption-ssl]
+server = 26-resumption-server
+resume-server = 26-resumption-resume-server
+resume-client = 26-resumption-resume-client
+client = 26-resumption-client
+
+[26-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[26-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[27-resumption]
+ssl_conf = 27-resumption-ssl
+
+[27-resumption-ssl]
+server = 27-resumption-server
+resume-server = 27-resumption-resume-server
+resume-client = 27-resumption-resume-client
+client = 27-resumption-client
+
+[27-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[27-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[28-resumption]
+ssl_conf = 28-resumption-ssl
+
+[28-resumption-ssl]
+server = 28-resumption-server
+resume-server = 28-resumption-resume-server
+resume-client = 28-resumption-resume-client
+client = 28-resumption-client
+
+[28-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[28-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[29-resumption]
+ssl_conf = 29-resumption-ssl
+
+[29-resumption-ssl]
+server = 29-resumption-server
+resume-server = 29-resumption-resume-server
+resume-client = 29-resumption-resume-client
+client = 29-resumption-client
+
+[29-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[29-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[30-resumption]
+ssl_conf = 30-resumption-ssl
+
+[30-resumption-ssl]
+server = 30-resumption-server
+resume-server = 30-resumption-resume-server
+resume-client = 30-resumption-resume-client
+client = 30-resumption-client
+
+[30-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[30-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[31-resumption]
+ssl_conf = 31-resumption-ssl
+
+[31-resumption-ssl]
+server = 31-resumption-server
+resume-server = 31-resumption-resume-server
+resume-client = 31-resumption-resume-client
+client = 31-resumption-client
+
+[31-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[31-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+HandshakeMode = Resume
+Protocol = TLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[32-resumption]
+ssl_conf = 32-resumption-ssl
+
+[32-resumption-ssl]
+server = 32-resumption-server
+resume-server = 32-resumption-resume-server
+resume-client = 32-resumption-resume-client
+client = 32-resumption-client
+
+[32-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[32-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[33-resumption]
+ssl_conf = 33-resumption-ssl
+
+[33-resumption-ssl]
+server = 33-resumption-server
+resume-server = 33-resumption-resume-server
+resume-client = 33-resumption-resume-client
+client = 33-resumption-client
+
+[33-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[33-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+HandshakeMode = Resume
+Protocol = TLSv1.1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[34-resumption]
+ssl_conf = 34-resumption-ssl
+
+[34-resumption-ssl]
+server = 34-resumption-server
+resume-server = 34-resumption-resume-server
+resume-client = 34-resumption-resume-client
+client = 34-resumption-client
+
+[34-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[34-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[35-resumption]
+ssl_conf = 35-resumption-ssl
+
+[35-resumption-ssl]
+server = 35-resumption-server
+resume-server = 35-resumption-resume-server
+resume-client = 35-resumption-resume-client
+client = 35-resumption-client
+
+[35-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[35-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+HandshakeMode = Resume
+Protocol = TLSv1.2
+ResumptionExpected = Yes
+
+
diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf
index 3433944..62e1799 100644
--- a/test/ssl-tests/11-dtls_resumption.conf
+++ b/test/ssl-tests/11-dtls_resumption.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 8
+num_tests = 16
 
 test-0 = 0-resumption
 test-1 = 1-resumption
@@ -10,6 +10,14 @@ test-4 = 4-resumption
 test-5 = 5-resumption
 test-6 = 6-resumption
 test-7 = 7-resumption
+test-8 = 8-resumption
+test-9 = 9-resumption
+test-10 = 10-resumption
+test-11 = 11-resumption
+test-12 = 12-resumption
+test-13 = 13-resumption
+test-14 = 14-resumption
+test-15 = 15-resumption
 # ===========================================================
 
 [0-resumption]
@@ -18,6 +26,7 @@ ssl_conf = 0-resumption-ssl
 [0-resumption-ssl]
 server = 0-resumption-server
 resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-resume-client
 client = 0-resumption-client
 
 [0-resumption-server]
@@ -39,6 +48,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[0-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-0]
 HandshakeMode = Resume
 Method = DTLS
@@ -54,6 +68,7 @@ ssl_conf = 1-resumption-ssl
 [1-resumption-ssl]
 server = 1-resumption-server
 resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-resume-client
 client = 1-resumption-client
 
 [1-resumption-server]
@@ -75,6 +90,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[1-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-1]
 HandshakeMode = Resume
 Method = DTLS
@@ -90,6 +110,7 @@ ssl_conf = 2-resumption-ssl
 [2-resumption-ssl]
 server = 2-resumption-server
 resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-resume-client
 client = 2-resumption-client
 
 [2-resumption-server]
@@ -111,6 +132,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[2-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-2]
 HandshakeMode = Resume
 Method = DTLS
@@ -126,6 +152,7 @@ ssl_conf = 3-resumption-ssl
 [3-resumption-ssl]
 server = 3-resumption-server
 resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-resume-client
 client = 3-resumption-client
 
 [3-resumption-server]
@@ -147,6 +174,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[3-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-3]
 HandshakeMode = Resume
 Method = DTLS
@@ -162,6 +194,7 @@ ssl_conf = 4-resumption-ssl
 [4-resumption-ssl]
 server = 4-resumption-server
 resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-resume-client
 client = 4-resumption-client
 
 [4-resumption-server]
@@ -183,6 +216,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[4-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-4]
 HandshakeMode = Resume
 Method = DTLS
@@ -198,6 +236,7 @@ ssl_conf = 5-resumption-ssl
 [5-resumption-ssl]
 server = 5-resumption-server
 resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-resume-client
 client = 5-resumption-client
 
 [5-resumption-server]
@@ -219,6 +258,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[5-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-5]
 HandshakeMode = Resume
 Method = DTLS
@@ -234,6 +278,7 @@ ssl_conf = 6-resumption-ssl
 [6-resumption-ssl]
 server = 6-resumption-server
 resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-resume-client
 client = 6-resumption-client
 
 [6-resumption-server]
@@ -255,6 +300,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[6-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-6]
 HandshakeMode = Resume
 Method = DTLS
@@ -270,6 +320,7 @@ ssl_conf = 7-resumption-ssl
 [7-resumption-ssl]
 server = 7-resumption-server
 resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-resume-client
 client = 7-resumption-client
 
 [7-resumption-server]
@@ -291,6 +342,11 @@ CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
+[7-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
 [test-7]
 HandshakeMode = Resume
 Method = DTLS
@@ -298,3 +354,347 @@ Protocol = DTLSv1.2
 ResumptionExpected = Yes
 
 
+# ===========================================================
+
+[8-resumption]
+ssl_conf = 8-resumption-ssl
+
+[8-resumption-ssl]
+server = 8-resumption-server
+resume-server = 8-resumption-resume-server
+resume-client = 8-resumption-resume-client
+client = 8-resumption-client
+
+[8-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[8-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[9-resumption]
+ssl_conf = 9-resumption-ssl
+
+[9-resumption-ssl]
+server = 9-resumption-server
+resume-server = 9-resumption-resume-server
+resume-client = 9-resumption-resume-client
+client = 9-resumption-client
+
+[9-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[9-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[10-resumption]
+ssl_conf = 10-resumption-ssl
+
+[10-resumption-ssl]
+server = 10-resumption-server
+resume-server = 10-resumption-resume-server
+resume-client = 10-resumption-resume-client
+client = 10-resumption-client
+
+[10-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[10-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-resumption]
+ssl_conf = 11-resumption-ssl
+
+[11-resumption-ssl]
+server = 11-resumption-server
+resume-server = 11-resumption-resume-server
+resume-client = 11-resumption-resume-client
+client = 11-resumption-client
+
+[11-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[11-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1.2
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-resumption]
+ssl_conf = 12-resumption-ssl
+
+[12-resumption-ssl]
+server = 12-resumption-server
+resume-server = 12-resumption-resume-server
+resume-client = 12-resumption-resume-client
+client = 12-resumption-client
+
+[12-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-resumption]
+ssl_conf = 13-resumption-ssl
+
+[13-resumption-ssl]
+server = 13-resumption-server
+resume-server = 13-resumption-resume-server
+resume-client = 13-resumption-resume-client
+client = 13-resumption-client
+
+[13-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[13-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[14-resumption]
+ssl_conf = 14-resumption-ssl
+
+[14-resumption-ssl]
+server = 14-resumption-server
+resume-server = 14-resumption-resume-server
+resume-client = 14-resumption-resume-client
+client = 14-resumption-client
+
+[14-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1.2
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[15-resumption]
+ssl_conf = 15-resumption-ssl
+
+[15-resumption-ssl]
+server = 15-resumption-server
+resume-server = 15-resumption-resume-server
+resume-client = 15-resumption-resume-client
+client = 15-resumption-client
+
+[15-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+HandshakeMode = Resume
+Method = DTLS
+Protocol = DTLSv1.2
+ResumptionExpected = Yes
+
+
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index 276adfd..059b1d0 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -142,11 +142,12 @@ sub generate_resumption_tests {
         return;
     }
 
-    my @tests = ();
+    my @server_tests = ();
+    my @client_tests = ();
 
-    # Obtain the first session against a fixed-version server.
+    # Obtain the first session against a fixed-version server/client.
     foreach my $original_protocol($min_enabled..$#protocols) {
-        # Upgrade or downgrade the server max version support and test
+        # Upgrade or downgrade the server/client max version support and test
         # that it upgrades, downgrades or resumes the session as well.
         foreach my $resume_protocol($min_enabled..$#protocols) {
             my $resumption_expected;
@@ -158,7 +159,8 @@ sub generate_resumption_tests {
             }
 
             foreach my $ticket ("SessionTicket", "-SessionTicket") {
-                push @tests, {
+                # Client is flexible, server upgrades/downgrades.
+                push @server_tests, {
                     "name" => "resumption",
                     "client" => { },
                     "server" => {
@@ -176,11 +178,31 @@ sub generate_resumption_tests {
                         "ResumptionExpected" => $resumption_expected,
                     }
                 };
+                # Server is flexible, client upgrades/downgrades.
+                push @client_tests, {
+                    "name" => "resumption",
+                    "client" => {
+                        "MinProtocol" => $protocols[$original_protocol],
+                        "MaxProtocol" => $protocols[$original_protocol],
+                    },
+                    "server" => {
+                        "Options" => $ticket,
+                    },
+                    "resume_client" => {
+                        "MaxProtocol" => $protocols[$resume_protocol],
+                    },
+                    "test" => {
+                        "Protocol" => $protocols[$resume_protocol],
+                        "Method" => $method,
+                        "HandshakeMode" => "Resume",
+                        "ResumptionExpected" => $resumption_expected,
+                    }
+                };
             }
         }
     }
 
-    return @tests;
+    return (@server_tests, @client_tests);
 }
 
 sub expected_result {
diff --git a/test/ssl_test.c b/test/ssl_test.c
index c5deeb2..b28d308 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -215,7 +215,7 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
 {
     int ret = 0;
     SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
-        *resume_server_ctx = NULL;
+        *resume_server_ctx = NULL, *resume_client_ctx = NULL;
     SSL_TEST_CTX *test_ctx = NULL;
     HANDSHAKE_RESULT *result = NULL;
 
@@ -233,7 +233,9 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
         client_ctx = SSL_CTX_new(DTLS_client_method());
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(DTLS_server_method());
+            resume_client_ctx = SSL_CTX_new(DTLS_client_method());
             OPENSSL_assert(resume_server_ctx != NULL);
+            OPENSSL_assert(resume_client_ctx != NULL);
         }
     }
 #endif
@@ -247,11 +249,14 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(TLS_server_method());
+            resume_client_ctx = SSL_CTX_new(TLS_client_method());
             OPENSSL_assert(resume_server_ctx != NULL);
+            OPENSSL_assert(resume_client_ctx != NULL);
         }
     }
 
-    OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
+    OPENSSL_assert(server_ctx != NULL);
+    OPENSSL_assert(client_ctx != NULL);
 
     OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
 
@@ -265,9 +270,12 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
     if (resume_server_ctx != NULL
         && !SSL_CTX_config(resume_server_ctx, "resume-server"))
         goto err;
+    if (resume_client_ctx != NULL
+        && !SSL_CTX_config(resume_client_ctx, "resume-client"))
+        goto err;
 
     result = do_handshake(server_ctx, server2_ctx, client_ctx,
-                          resume_server_ctx, test_ctx);
+                          resume_server_ctx, resume_client_ctx, test_ctx);
 
     ret = check_test(result, test_ctx);
 
@@ -277,6 +285,7 @@ err:
     SSL_CTX_free(server2_ctx);
     SSL_CTX_free(client_ctx);
     SSL_CTX_free(resume_server_ctx);
+    SSL_CTX_free(resume_client_ctx);
     SSL_TEST_CTX_free(test_ctx);
     if (ret != 1)
         ERR_print_errors_fp(stderr);
diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
index 3169918..206c4a1 100644
--- a/test/ssl_test.tmpl
+++ b/test/ssl_test.tmpl
@@ -11,6 +11,9 @@ server = {-$testname-}-server{-
     if (%resume_server) {
         $OUT .= "\nresume-server = $testname-resume-server";
     }
+    if (%resume_client) {
+        $OUT .= "\nresume-client = $testname-resume-client";
+    }
 -}
 client = {-$testname-}-client
 
@@ -37,6 +40,12 @@ client = {-$testname-}-client
     foreach my $key (sort keys %client) {
         $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
     }
+    if (%resume_client) {
+        $OUT .= "\n[$testname-resume-client]\n";
+        foreach my $key (sort keys %resume_client) {
+            $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key};
+        }
+    }
 -}
 [test-{-$idx-}]
 {-


More information about the openssl-commits mailing list